Security
Expert analysis on offensive security, incident response, and defensive architectures across cloud, mobile, and web.
More in Security
OpenCTI
OpenCTI is best understood as “a knowledge base and hub that organizes threat intelligence so that people and organizations can...
Cyber Kill Chain
All About the Cyber Kill Chain and Attack Infrastructure
Key Roles in Data Governance and System Security
Key Roles in Data Governance and System Security
Assumed Breach
Assumed Breach: A Paradigm Shift in Security Architecture
Social Engineering
Social Engineering: The Art of Hacking the Human OS
EDR Bypass
EDR Bypass Techniques: Understanding Attack Methods and Defense Strategies
Endpoint Detection and Response (EDR)
Understanding EDR: Endpoint Detection and Response
AWS Network ACL (NACL)
Complete Guide to AWS Network Security: VPC, NACL, and Security Groups
Cloud Security Overview
When focusing on cloud security, one must consider securing infrastructure, network, data, applications, and managing identities and access, security operations,...
Security Control Domains and Associated Roles
Understanding Information Security: Key Areas and Practices
Payments Industry and Regulatory Concepts
Key Drivers of Industry and Regulatory Compliance: Core Standards and Concepts
Risk Management Methodology
Risk Management Methodology
Payment Ecosystem
Payment Ecosystem
Diamond Model of Intrusion Analysis
What is the Diamond Model of Intrusion Analysis?
Threat Modeling
Threat Modeling Practical Guide
Security Information and Event Management (SIEM)
What is Security Information and Event Management (SIEM)?
IDS & IPS
What is an Intrusion Detection System (IDS)?
MITRE ATT&CK
MITRE ATT&CK Framework: Understanding Cyber Threats and Defense Strategies
Server-Side Template Injection (SSTI)
Server-Side Template Injection (SSTI) — Practical Attacks and Defenses
Web Application Firewall (WAF)
What is a WAF? A WAF (Web Application Firewall) is a security solution that operates at OSI Layer 7 (the...
Web Shells and Reverse Shells
1. Web Shells: The Master Key to the Web Server
Secure Code Review
Secure Code Review: Reading Code Through an Attacker’s Eyes in JavaScript and Node.js
HTTP Status Codes
HTTP Status Codes
Browser Extension Penetration Test
Browser Extension Security
JWT Penetration Test
Core JWT Vulnerability Analysis and Attack Scenarios
Simple Object Access Protocol (SOAP)
1. Basic Concepts of SOAP
File Upload Feature Penetration Test
When a file upload feature is present, you should check the following items. Fundamentally, from a developer’s perspective, a whitelist...
Dissecting HTTP Headers
Web Penetration Testing: Dissecting HTTP Headers
Cookie & Session Security
Differences Between Cookies and Sessions
OWASP Top 10 - 2021
2021 Top 10 Web Application Security Risks
OWASP Top 10 - 2017
2017 Top 10 Web Application Security Risks A1:Injection
Injection Attacks Beyond SQL and XSS
1. Command Injection: The Shell is the Limit
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF): When Your Server Becomes an Attacker’s Proxy
Cross-Site Request Forgery (CSRF)
The Cross-Site Request Forgery (CSRF) Attack
Cross-Site Scripting Attack (XSS)
The Cross-Site Scripting Attack
SQL Injection
SQL Injection: When Data Becomes Code
Passkey
Definition and Concept of Passkeys
Fast Identity Online (FIDO) & WebAuthn
The Core Philosophy of FIDO (Fast Identity Online)
Single Sign-On (SSO)
What is SSO (Single Sign-On) and Why is it Important?
Security Assertion Markup Language (SAML)
What is SAML (Security Assertion Markup Language)?
OpenID Connect & OAuth 2.0
OpenID Connect (OIDC) vs. OAuth 2.0
Authentication and Authorization - JWT
Active Directory and LDAP
What is Active Directory (AD)?
Android Penetration Test Check List
Bypassing the Client-Side Authentication Mechanism
Mobile App Penetration Testing: The Anatomy of Local Data Storage & Runtime Extraction on Android & iOS
OWASP Top 10 Mobile - 2024
OWASP Top 10 Mobile - 2017
Hidden Dangers of Mobile Security: A Complete Guide to the Top 10 Risks M1: Improper Platform Usage
Binary Protection
The Battlefield in Our Hands: Mobile Binary Protection Techniques and Bypass Strategies
Frida
1. Advanced Frida Scripting: Controlling App Internals and Data Extraction
Obfuscation
A Smokescreen in the Code: Obfuscation and the Art of Lifting the Veil
Bypass pinning by repackaging - Android
Mastering SSL Pinning Bypass: From Package Repackaging to Automated Tools
Certificate Pinning
What is Certificate Pinning?
Rooting & Jailbreak
The Art of Breaking System Locks: Everything About Rooting and Jailbreaking
Android Key Store & iOS Keychain
Fort Knox on Your Phone: Understanding & Pentesting Android KeyStore and iOS Keychain
The Anatomy of Mobile App
The Anatomy of Mobile App and Penetration Testing Common Types of Sensitive Information to Look For
Mobile Platform Security
Mobile Platform Security: A Comparative Analysis of iOS and Android Strategies
Types of Mobile App
The three main approaches to mobile application development are Native, Cross-Platform, and Hybrid apps. Each method has its unique characteristics,...
Proxy Protocols
Understanding ‘Proxy Protocols’: Overcoming the Limitations of Smart Contracts
OWASP Smart Contract Top 10 - 2025
Decentralized Finance (DeFi)
What is DeFi (Decentralized Finance)?
Smart Contract
Basic Concepts of Smart Contracts
What is Blockchain?
What is Blockchain Technology?
Lightning Network
Bitcoin Bitcoin is based on the premise that you don’t need to trust anyone, recording all transaction details in blocks...
WiFi Pineapple
WiFi Pineapple Analysis: A Threat Exploiting Fundamental Vulnerabilities in Trust-Based Wireless Networks
Address Resolution Protocol (ARP)
How to Find a MAC Address Using an IP Address: A Complete Guide to ARP (Address Resolution Protocol)
Zero Trust Architecture
Zero Trust Architecture: A New Paradigm in Modern Cybersecurity
OSI 7 & TCP/IP
Introduction to the OSI Model
Virtual Private Networks (VPN)
Concepts and Security Mechanisms of VPNs (Virtual Private Networks)
DNS Data Exfiltration
DNS Operating Principles
TCP/UDP
TCP/UDP Protocol Security: Analysis of Vulnerabilities and Attack Techniques
Packet Sniffing and Spoofing
1. The Difference Between Sniffing and Spoofing
Open Network Vulnerabilities
Open Network Vulnerabilities: Risks and Security Measures
Everything about TLS
Everything About TLS (Transport Layer Security)
PGP and S/MIME
1. Core Principles of PGP (Pretty Good Privacy)
Certificate Generation By Using OpenSSL
Certificate Generation: Using OpenSSL to Create CA, Client, and Server Certificates
Encoding And Decoding
The Concepts of Encoding and Decoding
Digital Signatures and Certificates
Everything About Digital Signatures and Certificates: A Complete Guide to PKI
Hash & Encryption
Hash and Encryption: Key Concepts and Differences
Hack the Box Introduction
Getting Started Install OpenVPN. Link. After logging in, click CONNECT TO HTB on the right. Then, below it, click Starting Point or the machine you want to run....
SolarWinds hack
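Overview SolarWinds is an enterprise software company that supports the management of networks, systems, and information technology infrastructure. Among this company's products, the product called Solarwinds Orion...
SSH Vulnerabilities
What is SSH? Short for Secure Shell, it refers to a protocol for securely controlling a remote computer through a shell, or to a program that uses this protocol. The port number is...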
The Dirty COW Race Condition Attack
Introduction A type of race condition vulnerability that affects every Linux-based OS. Even in read mode, an attacker becomes able to modify any protected file...
Race Condition Vulnerability
Introduction A race condition problem is when two concurrent threads of execution access a shared resource in a way that unintentionally produces...
Return to libc Attack
Introduction
Buffer overflow attack
The five segments in a process’s memory layout for a typical C program.
Shellshock Attack
What is a shell? A shell is a command-line interpreter. It sits between the user and the OS, reading commands and executing them. Examples include sh, bash, csh, zsh, and Windows PowerShell. Among them...
SET-UID Program
Privileged program: a program to which access permissions are applied. Two methods are needed to access such programs. Set-UID program. As the user needs, a privilege change...
Evidence
Evidence items must be well preserved in an appropriate environment.
Crime Investigation
Chain of Custody If there is any flaw in the chain of custody, the evidence will not be admitted at trial. A record must be made every time evidence items are moved, and the first record is when...
Introduction to Forensics
Introduction What is forensics? The use of science and technology to investigate and establish facts in criminal or civil courts of law....